Re: nscd AVC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/10/2011 03:03 PM, Dominick Grift wrote:
> On 01/10/2011 08:35 PM, Daniel J Walsh wrote:
>> On 01/10/2011 02:12 PM, Vadym Chepkov wrote:
> 
>>> On Jan 10, 2011, at 1:32 PM, Daniel J Walsh wrote:
> 
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> On 01/10/2011 12:40 PM, Vadym Chepkov wrote:
>>>>> Hi,
>>>>>
>>>>> Is it safe to permit these?
>>>>>
>>>>> selinux-policy-3.9.7-18.fc14.noarch
>>>>>
>>>>> # ausearch -m avc -ts yesterday
>>>>> ----
>>>>> time->Sun Jan  9 11:23:14 2011
>>>>> type=SYSCALL msg=audit(1294590194.604:12): arch=40000003 syscall=5 success=yes exit=18 a0=57b497 a1=0 a2=1b6 a3=58856a items=0 ppid=1 pid=997 auid=4294967295 uid=28 gid=28 euid=28 suid=28 fsuid=28 egid=28 sgid=28 fsgid=28 tty=(none) ses=4294967295 comm="nscd" exe="/usr/sbin/nscd" subj=system_u:system_r:nscd_t:s0 key=(null)
>>>>> type=AVC msg=audit(1294590194.604:12): avc:  denied  { read } for  pid=997 comm="nscd" name="/" dev=dm-2 ino=2 scontext=system_u:system_r:nscd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
>>>>> ----
>>>>> time->Sun Jan  9 11:23:14 2011
>>>>> type=SYSCALL msg=audit(1294590194.604:13): arch=40000003 syscall=195 success=yes exit=0 a0=57b49c a1=ae2f16bc a2=29fff4 a3=3 items=0 ppid=1 pid=997 auid=4294967295 uid=28 gid=28 euid=28 suid=28 fsuid=28 egid=28 sgid=28 fsgid=28 tty=(none) ses=4294967295 comm="nscd" exe="/usr/sbin/nscd" subj=system_u:system_r:nscd_t:s0 key=(null)
>>>>> type=AVC msg=audit(1294590194.604:13): avc:  denied  { read } for  pid=997 comm="nscd" name="tmp" dev=dm-0 ino=15581 scontext=system_u:system_r:nscd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file
>>>>> ----
>>>>> time->Sun Jan  9 11:41:04 2011
>>>>> type=SYSCALL msg=audit(1294591264.449:7): arch=40000003 syscall=195 success=yes exit=0 a0=3f049c a1=ae9f964c a2=38bff4 a3=3 items=0 ppid=1 pid=973 auid=4294967295 uid=28 gid=28 euid=28 suid=28 fsuid=28 egid=28 sgid=28 fsgid=28 tty=(none) ses=4294967295 comm="nscd" exe="/usr/sbin/nscd" subj=system_u:system_r:nscd_t:s0 key=(null)
>>>>> type=AVC msg=audit(1294591264.449:7): avc:  denied  { read } for  pid=973 comm="nscd" name="tmp" dev=dm-0 ino=15581 scontext=system_u:system_r:nscd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file
>>>>> ----
>>>>> time->Sun Jan  9 11:41:04 2011
>>>>> type=SYSCALL msg=audit(1294591264.448:6): arch=40000003 syscall=5 success=yes exit=16 a0=3f0497 a1=0 a2=1b6 a3=3fd56a items=0 ppid=1 pid=973 auid=4294967295 uid=28 gid=28 euid=28 suid=28 fsuid=28 egid=28 sgid=28 fsgid=28 tty=(none) ses=4294967295 comm="nscd" exe="/usr/sbin/nscd" subj=system_u:system_r:nscd_t:s0 key=(null)
>>>>> type=AVC msg=audit(1294591264.448:6): avc:  denied  { read } for  pid=973 comm="nscd" name="/" dev=dm-2 ino=2 scontext=system_u:system_r:nscd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> selinux mailing list
>>>>> selinux@xxxxxxxxxxxxxxxxxxxxxxx
>>>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 
> 
>>>> What is nscd looking for in /tmp?
> 
>>> nscd is part of glibc, so the source code is really huge and it uses TMPDIR environment variable all over the place.
>>> "Don't know" would be an honest answer. Shall I open bugzilla about it?
> 
>>> Thanks,
>>> Vadym
> 
> 
> 
> 
>> I have a feeling that you can dontaudit these rather then allow.  Might
>> be a leaked file descriptor from the calling app. (cron?)
> 
> agreed, i do not see what business nscd has in /var/tmp and i do not see
> any attempt to open the /var/tmp directory (in order to list it)
> 
> but that aside i do not think it is really dangerous to allow this
> access. Sub-optimal it may be at least.
> 
- --
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux

The cron call is probably cruft from a leaked file descriptor or cron
being started in /tmp.  I actually think we should remove it.  I have
been told nscd can do some crazy stuff with kerberos or maybe the
cacheing is putting its files in /tmp.

sssd should make handling a lot of this stuff cleaner.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk0sZP4ACgkQrlYvE4MpobNjGQCgrfc2PdQXFbYYQ7GjUHuVge53
P7UAnimWvDgoiSvVqaHzCUbE0f8o9eGN
=Zh25
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux